postalserver / postal

📮 A fully featured open source mail delivery platform for incoming & outgoing e-mail
https://postalserver.io
MIT License

Some emails soft-failing due to DNS config #301

Closed: mackinra closed 4 years ago

mackinra commented 7 years ago

So I've followed the recommended DNS changes, including the CNAME of psrp.mydomain.com to rp.mydomain.com. Generally everything is working fine, but some email servers (notably mail.ru) are (soft-fail) rejecting our emails with:

421 Problem resolving DNS for domain psrp.mydomain.com (DNS alias found where canonical name wanted)

It should be noted that rp.mydomain.com is also a CNAME to mydomain.com, which is where the MX records can be found. Your recommended DNS config makes no mention of whether or not rp.mydomain.com should be an A or CNAME record -- I chose the latter for its simplicity (by not having duplicate A records).

What would be the best way to resolve this?

gthb1 commented 7 years ago

If you use a sub-domain for your domain (MailServer1.mydomain.com), you will create uniqueness and avoid the above-mentioned errors. This would entail using it throughout your DNS config, e.g. psrp.MailServer1.mydomain.com CNAME rp.host1.mydomain.com.

mackinra commented 7 years ago

I'm not clear on how this changes anything with respect to the server's complaint about using an alias (i.e., CNAME).

gthb1 commented 7 years ago

The error you quoted explains the problem: (DNS alias found where canonical name wanted). My post explained the solution (it works in practice). Reread both, and you have your answer. Or perhaps try it, and once it works, you discover why ;)

Perhaps these explain:
http://marc.info/?l=bind-users&m=98769278808331&w=2
https://lists.debian.org/debian-devel/2007/10/msg00331.html

willpower232 commented 7 years ago

Interestingly, we don't have the A or AAAA records suggested by the wiki and ours works fine.

Some of our Postal Settings

mx.postal.example.com (A 1.2.3.4)
rp.postal.example.com (MX mx.postal.example.com)
rp.postal.example.com (TXT "v=spf1 a mx include:spf.postal.example.com ~all")

Customer Settings

psrp.clientdomain.com (CNAME rp.postal.example.com)

mackinra commented 7 years ago

@gthb1 Actually, I'm already using a subdomain... e.g., psrp.m1.mydomain.com (I used mydomain.com for brevity's sake, and didn't think it relevant to the issue at hand) and maps to rp.m1.mydomain.com, which in turn maps to m1.mydomain.com.

My reading of the error message is that it doesn't like rp.m1.mydomain.com also being an alias (or maybe even psrp.m1.mydomain.com being an alias), and wants it to be a canonical name (i.e., A record). Since this setup (of rp) doesn't appear to be discussed in the Postal doc, that led to my question.

gthb1 commented 7 years ago

@mackinra Please keep in mind you wrote "I've followed the recommended DNS changes, including the CNAME of psrp.mydomain.com to rp.mydomain.com" and "recommended DNS config makes no mention of whether or not rp.mydomain.com should be an A or CNAME record".

The help text in Postal reads similar to this:

'Return Path This is optional but we recommend adding this to improve deliverability. You should add a CNAME record at psrp.MailServer.domain.com to point to the hostname below. rp.postal.domain.com'

and hopefully helps to see the difference between

psrp.MailServer.domain.com (help) <> psrp.m1.mydomain.com (yours)
rp.postal.domain.com (help) <> rp.m1.mydomain.com (yours) / m1.mydomain.com (yours)

As these things are rarely up to interpretation, and usually up to facts, perhaps this comes in handy as well, since you wrote "wants it to be a canonical name (i.e., A record)":

CNAME = Canonical Name: https://en.wikipedia.org/wiki/CNAME_record
A = Address: https://en.wikipedia.org/wiki/List_of_DNS_record_types#A

You can also have a look here:
https://support.dnsimple.com/articles/differences-a-cname-records/
https://support.dnsimple.com/articles/differences-between-a-cname-alias-url/

Please do post back which settings worked for you in the end.

mackinra commented 7 years ago

@gthb1 Actually, the doc states:

> You should add a CNAME record at psrp.m1.mydomain.com to point to the hostname below.
> rp.mydomain.com

(not rp.postal.domain.com as you state)

And I misstated that I used rp.m1.mydomain.com here... so I'm actually using what the doc states. What the doc doesn't state precisely is what rp should be in the DNS records.

When referring to "wants it to be a canonical name (i.e., A record)", I meant that this target email server in question appears to want the return-path domain to map to a canonical name (that has its own A record) rather than another alias in another CNAME record.

Thanks for the links, but I'm well aware of what a CNAME and A record are.

And to reiterate, my setup is working just fine (99%+ of the time)... it's just a couple target email domains (like mail.ru) that are complaining about this DNS configuration. I'm wondering if anyone else has encountered it, and managed to work around it.

mackinra commented 7 years ago

@willpower232 Thanks for the reply. Does your setup also work for any recipients in the mail.ru domain?

gthb1 commented 7 years ago

@mackinra What I quoted was copied from the screen (the MailServer setup checks page), and only my MailServer name and Hostname/Domain name were changed (for privacy), not the structure. Which instructions ("docs") did you mean/follow?

When you go to the MailServer setup page, does it come out with all check marks? Maybe it is your basic server setup that brings about the error?

So far there was no such error on our setup/side (that includes mail.ru).

If you decide to thoroughly address each issue by going through what was mentioned, can you then please post the solution you found?

Thank you.

mackinra commented 7 years ago

@gthb1

> What I quoted was copied from the screen (the MailServer setup checks page), and only my MailServer name and Hostname/Domain name were changed (for privacy), not the structure.

Same here.

> Which instructions ("docs") did you mean/follow?

Same place I guess... org/myorg/servers/myserver/domains/mydomain/setup

> When you go to the MailServer setup page, does it come out with all check marks?

Yes.

> Maybe it is your basic server setup that brings about the error?

Not sure, but doubtful given that the vast majority of email is being delivered just fine. The discrepancy in what is being shown for rp domains in our two setups is curious. Regardless, in your case, what type of DNS record do you have for rp?

> So far there was no such error on our setup/side (that includes mail.ru).

Interesting... good to know.

gthb1 commented 7 years ago

@mackinra From what I see above, I cannot put together "Same here." and "recommended DNS config makes no mention of whether or not rp.mydomain.com should be an A or CNAME record"

Re the location, this is indeed the same URL, but my quote and your quote differ, how would this be possible?

Do your hostname and your mailserver name differ?

Please see again the difference between "MailServer" and "postal", where yours stays "M1":

psrp.MailServer.domain.com (help) <> psrp.m1.mydomain.com (yours)
rp.postal.domain.com (help) <> rp.m1.mydomain.com (yours) / m1.mydomain.com (yours)

(Check the !last line! carefully (this is where I think your setup differs). @willpower232 seems to have the same in 'Customer Settings'.)

Our "rp" DNS record type is CNAME.

PS: Off topic, I have a problem quoting in github and also don't know how to just show the unread issues, and any way/workaround re PMs. Any hint for this much appreciated! Thx.

mackinra commented 7 years ago

@catphish @adamcooke - can you guys chime in? Puzzled why emails to a couple domains (like mail.ru) are failing while everything else appears to be working fine.

igerzog commented 7 years ago

This is my DNS config that works fine with mail.ru as well.

mail.mydomain.com A 10.20.30.40 # mail server ip address
rp.mail.mydomain.com A 10.20.30.40 # mail server ip address (return_path from postal config file)
rp.mail.mydomain.com MX 10 mail.mydomain.com # mx record for handling incoming messages sent to return path (eg. bounces)
mydomain.com MX 10 mail.mydomain.com # mx record for handling incoming messages sent to main domain (eg. user@mydomain.com)
psrp.mydomain.com CNAME rp.mail.mydomain.com # psrp - custom_return_path_prefix from postal config file
mydomain.com TXT v=spf1 include:spf.mail.mydomain.com -all # spf rule for main domain
spf.mail.mydomain.com TXT v=spf1 ip4:10.20.30.40 -all # main spf record with mail server ip address
rp.mail.mydomain.com TXT v=spf1 include:spf.mail.mydomain.com -all # spf rule for return path

Postal config file part:

dns:
  # Specifies the DNS record that you have configured. Refer to the documentation at
  # https://github.com/atech/postal/wiki/Domains-&-DNS-Configuration for further
  # information about these.
  mx_records:
    - mail.mydomain.com
  smtp_server_hostname: mail.mydomain.com
  spf_include: spf.mail.mydomain.com
  return_path: rp.mail.mydomain.com
  route_domain: routes.mail.mydomain.com
  track_domain: track.mail.mydomain.com
  dkim_identifier: psrp
  domain_verify_prefix: psrp-verification
  custom_return_path_prefix: psrp

As for your records: just change mail to m1
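
Added example, not part of the original thread or of Postal's code: a small offline audit that walks a return-path name through its CNAMEs and compares the chained layout from the first post (psrp -> rp -> apex) with the single-CNAME layout in the last comment. How mail.ru actually decides is not stated anywhere on this page; the rules used here (flag more than one CNAME hop, per RFC 1034 section 3.6.2, and MX targets that are aliases, per RFC 2181 section 10.3) are an assumption, and the zone data, the function name and the finding labels are constructed for illustration.

```python
# Constructed zone data modelled on the thread. The IP address and the MX
# host in CHAINED are placeholders; the thread does not give them.
CHAINED = {  # first post: psrp -> rp -> apex, both hops are CNAMEs
    "psrp.mydomain.com": {"CNAME": ["rp.mydomain.com"]},
    "rp.mydomain.com": {"CNAME": ["mydomain.com"]},
    "mydomain.com": {"A": ["10.20.30.40"], "MX": ["mail.mydomain.com"]},
    "mail.mydomain.com": {"A": ["10.20.30.40"]},
}
SINGLE = {  # last comment: one CNAME to a name with its own A and MX
    "psrp.mydomain.com": {"CNAME": ["rp.mail.mydomain.com"]},
    "rp.mail.mydomain.com": {"A": ["10.20.30.40"], "MX": ["mail.mydomain.com"]},
    "mail.mydomain.com": {"A": ["10.20.30.40"]},
}

def audit_return_path(zone, name, max_hops=8):
    """Follow CNAMEs from `name`; return (canonical_name, hops, findings)."""
    findings, seen, hops = [], {name}, 0
    while "CNAME" in zone.get(name, {}):
        name = zone[name]["CNAME"][0]
        hops += 1
        if name in seen or hops > max_hops:
            return name, hops, ["cname-loop"]
        seen.add(name)
    if hops > 1:
        # An alias pointing at another alias: what a strict receiver may refuse.
        findings.append("cname-chain")
    rrsets = zone.get(name, {})
    mx_hosts = rrsets.get("MX", [])
    # Without MX, SMTP falls back to the address records of the name itself.
    if not mx_hosts and not ({"A", "AAAA"} & rrsets.keys()):
        findings.append("no-mail-route")
    for host in mx_hosts:
        target = zone.get(host, {})
        if "CNAME" in target:
            findings.append("mx-target-is-alias")
        elif not ({"A", "AAAA"} & target.keys()):
            findings.append("mx-target-unresolvable")
    return name, hops, findings

if __name__ == "__main__":
    for label, zone in (("chained", CHAINED), ("single", SINGLE)):
        print(label, audit_return_path(zone, "psrp.mydomain.com"))
```

To run the same audit against live DNS, replace the dictionary lookups with queries from a resolver library; the hop counting and the checks stay the same.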